tcplay is a free, fully featured and stable TrueCrypt implementation including multiple keyfiles and cipher cascades.
Source: github project home
Install the package.
Encrypting a file as a virtual volume
$ losetup -f
to find the first unused loopback device; in this example,
loopdevice module is no longer auto-loaded.
Create a new container
foo.tc, 20M in size for instance, in the working
# fallocate -l 20M foo.tc # losetup /dev/loop0 foo.tc # tcplay -c -d /dev/loop0 -a whirlpool -b AES-256-XTS
Enter a secure password for the volume, and confirm the query to overwrite
foo.tc with the new volume. tcplay will then write random data into the
volume. Map the volume and create a filesystem on it in order to mount
# tcplay -m foo.tc -d /dev/loop0 # mkfs.ext4 /dev/mapper/foo.tc # mount /dev/mapper/foo.tc /mnt/truecrypt/
To unset the container,
# umount /mnt/truecrypt # dmsetup remove foo.tc # losetup -d /dev/loop0
Mounting an existing container for a user
/dev/loop0 the first unused loop device,
/home/you/truecrypt/ the desired mount point. The
you in this example has
steps for mounting the container as a virtual volume are:
- Associate loop device with the container
- Map the container to the loop device
- Mount the container in the filesystem
The following commands perform the above actions.
# losetup /dev/loop0 foo.tc # tcplay -m foo.tc -d /dev/loop0 # mount -o nodev,nosuid,uid=1000,gid=100 /dev/mapper/foo.tc /home/you/truecrypt/
Note, if the container uses ext4 or another filesystem that supports file ownership, the
gid parameters aren't needed and will not work. Therefore the third command would be simply:
# mount -o nodev,nosuid /dev/mapper/foo.tc /home/you/truecrypt/
To reverse them:
# umount /home/you/truecrypt/ # dmsetup remove foo.tc # losetup -d /dev/loop0
TheAUR tool simplifies the process of creating, mounting and unmounting tc-play containers. The tool is still a work-in-progress, but should work fine for most users wanting to work with simple secure tc-play containers.
The following command creates a 3Mb container called foo.tc.
# tcplay-helper create foo.tc 3M
To mount the container file we can either mount it as root with the following command. The container will be mounted under /mnt/truecrypt/
# tcplay-helper open foo.tc
Alternatively, we can supply a username to mount the container as.
# tcplay-helper open foo.tc archie
Finally, to close the container this command does the trick.
# tcplay-helper close foo.tc